You can never be too safe when it comes to patient information

Ransomware may sound like something out of a James Bond film, but, as the wide-spread attack in early May demonstrated, this kind of malicious software is very real. More than 130,000 organizations worldwide were compromised in less than 48 hours, and according to the AMA, some cases of this attack have affected patient access to care. Hospitals and clinics need to be aware of ransomware and how to prevent it from compromising their patients’ medical and personal financial information.

Ransomware is defined as a type of malware—or malicious software—that prevents or limits users from accessing their computer systems or files. According to Trend Micro™—an IT security company based in Texas—users can inadvertently infect their computers with ransomware by clicking on questionable e-mails or attachments or visiting an unsafe website. Once executed in the system, ransomware can either lock the computer screen or encrypt predetermined files with a password. In the first instance, the ransomware will show a full-screen image or notification, which prevents its victims from using their system, and gives instructions on how users can pay the ransom to have their system unlocked. In the second, the ransomware will encrypt documents, spreadsheets and other important files of the user or the entire system until the ransom is paid.

Payment does not always guarantee that users can regain access to their files or systems, however, or that the hackers will not attack again. The best practice for ransomware prevention is backing up all files and systems. Trend Micro suggests the 3-2-1 method of “three backup copies on two different media with one backup in a separate location.” Additional prevention strategies include implementing software and security system updates as they become available and training staff to avoid suspicious downloads and e-mails.

A few ransomware attacks against hospitals in California made national headlines last year. And in March 2016, Wired.com reported a ransomware cyberattack at the Hollywood Presbyterian Medical Center in Los Angeles. Its computers were offline for over a week until hospital officials agreed to pay the equivalent of $17,000 in internet trading currency known as Bitcoin.

Ransomware attacks against clinics and hospitals are happening at a growing rate—and it’s not just happening in California. Wisconsin Medical Society Insurance and Financial Services continues to hear from both clinic and hospital facilities in Wisconsin that experienced ransomware attacks in the last year. In most cases, good risk management and data backup procedures saved them from disastrous outcomes. But even then, they both experienced computer system down time and the need to retrieve records, which caused a delay in billing.

This two-minute video, produced by the risk resource team at ProAssurance, describes how some common cyberattacks can occur and offers tips for safeguarding people’s private electronic information. The American Medical Association also provides cybersecurity information.

To learn more about cyber security insurance, contact Wisconsin Medical Society Insurance and Financial Services at 866.442.3810 or e-mail insurance@wismed.org.

The views and opinions expressed in this blog are solely those of the author and do not necessarily represent the views of the Wisconsin Medical Society, Wisconsin Medial Society Holdings Corporation or its subsidiaries. Nothing in this blog should be construed as legal, financial or clinical advice.

Shawna brings over 20 years of industry experience to her role as vice president of alternative risk solutions with Wisconsin Medical Society Insurance and Financial Services. After earning a bachelor’s degree in Business Administration from the University of Wisconsin-Madison, Shawna began her career with a London broker handling the placement of Directors & Officers and Errors & Omissions insurance. She also has held underwriting, agency ownership and executive team leadership positions. Much of Shawna’s career focus has been serving the health care industry.